[Openswan Users] l2tp firewall kernel 26

sasa sasa at shoponweb.it
Tue Jun 28 17:42:00 CEST 2005


"Jacco de Leeuw" wrote:

> Always remember to use nmap and scan for open UDP ports once the firewall
> is in place. Preferably scan from a client on the Internet, not from the
> server itself.
> 
> E.g. nmap -sU 123.123.123.123. The L2TP daemon (UDP port 1701) should then
> be listed as filtered. The only open ports should be UDP 500 (IKE) and
> optionally UDP 4500 (NAT-T).

.. if:

eth0=123.123.123.123 (public interface)
eth1=192.168.1.2 (internal interface)

..the L2TP traffic (UDP port 1701) must be enabled only on the internal interface. With kernel 2.4 and the ipsec0 interface I translate this traffic from ipsec0 (original destination) to eth1 (translated interface), but now I don't have ipsec0. What can I do?
Still, thanks.

        Salvatore.
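The two things discussed in this exchange, the external UDP scan check from Jacco's reply and the "L2TP only on the inside / only after IPsec" firewall policy Salvatore is asking about, as an added example that is not part of the original thread or of Openswan itself. It assumes the interface layout from the post (eth0 public, eth1 internal), a 2.6 kernel using the NETKEY stack (no ipsec0), and that the iptables `policy` match is available; the nmap output it checks is constructed for the example, not a real scan.

```shell
#!/bin/sh
# Added example, not from the original thread.
#
# Assumed layout (from the post):
#   eth0 = 123.123.123.123  public interface  (IKE / NAT-T / ESP arrive here)
#   eth1 = 192.168.1.2      internal interface (plain L2TP allowed here)

# check_udp_scan: read "nmap -sU <public-ip>" output on stdin and verify the
# policy from Jacco's reply: the only UDP ports reported "open" may be 500
# (IKE) and 4500 (NAT-T); 1701 (L2TP) must not be open from the outside.
# Prints each violation; exit status 0 = policy holds, 1 = violation found.
check_udp_scan() {
    awk '
        # nmap lines look like "1701/udp  open  l2tp" or "1701/udp filtered l2tp"
        $1 ~ /^[0-9]+\/udp$/ {
            split($1, p, "/"); port = p[1]; state = $2
            if (state == "open" && port == "1701") {
                print "VIOLATION: L2TP 1701/udp is reachable from the Internet"; bad = 1
            } else if (state == "open" && port != "500" && port != "4500") {
                print "VIOLATION: unexpected open UDP port " $1 " (" $3 ")"; bad = 1
            }
        }
        END { exit bad ? 1 : 0 }
    '
}

# emit_firewall_rules PUBLIC_IF INTERNAL_IF
# Prints (or, with IPTABLES=iptables, applies) rules implementing the policy.
# NETKEY has no ipsec0 interface, so "L2TP only over IPsec" on the public side
# is expressed with the iptables policy match on the decapsulated packet
# (assumed available; it is the usual substitute for the ipsec0 rules).
emit_firewall_rules() {
    pub_if=${1:-eth0}; int_if=${2:-eth1}
    ipt=${IPTABLES:-"echo iptables"}   # dry run by default: only prints the commands
    $ipt -A INPUT -i "$pub_if" -p udp --dport 500  -j ACCEPT   # IKE
    $ipt -A INPUT -i "$pub_if" -p udp --dport 4500 -j ACCEPT   # NAT-T
    $ipt -A INPUT -i "$pub_if" -p esp -j ACCEPT                # ESP payload
    # L2TP on the public side only if it came out of an IPsec SA ...
    $ipt -A INPUT -i "$pub_if" -p udp --dport 1701 \
         -m policy --dir in --pol ipsec --proto esp -j ACCEPT
    # ... and never in the clear (this is what makes nmap show it filtered).
    $ipt -A INPUT -i "$pub_if" -p udp --dport 1701 -j DROP
    # Plain L2TP is fine on the internal interface.
    $ipt -A INPUT -i "$int_if" -p udp --dport 1701 -j ACCEPT
}

# Constructed nmap -sU excerpts for the demo (not real scan output).
SCAN_OK='PORT     STATE         SERVICE
500/udp  open          isakmp
1701/udp filtered      l2tp
4500/udp open          nat-t-ike'
SCAN_BAD='PORT     STATE         SERVICE
500/udp  open          isakmp
1701/udp open          l2tp
4500/udp open          nat-t-ike
161/udp  open          snmp'

# Demo when run directly: check both samples, then print the rule set.
if printf '%s\n' "$SCAN_OK" | check_udp_scan; then echo "SCAN_OK: policy holds"; fi
if printf '%s\n' "$SCAN_BAD" | check_udp_scan; then :; else echo "SCAN_BAD: rejected as expected"; fi
emit_firewall_rules eth0 eth1
```

Run it as-is to see the rules it would apply; set `IPTABLES=iptables` to apply them, and feed a real `nmap -sU 123.123.123.123` run from an outside host into `check_udp_scan` afterwards, as the reply recommends.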

